Remove static Remote Config auth tokens
parent
8501e61eb1
commit
befd336372
|
@ -71,10 +71,6 @@ zkConfig.serverSecret: ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrs
|
||||||
|
|
||||||
genericZkConfig.serverSecret: ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzAA==
|
genericZkConfig.serverSecret: ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzAA==
|
||||||
|
|
||||||
remoteConfig.authorizedTokens:
|
|
||||||
- token1 # 1st authorized token
|
|
||||||
- token2 # 2nd authorized token
|
|
||||||
|
|
||||||
paymentsService.userAuthenticationTokenSharedSecret: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= # base64-encoded 32-byte secret shared with MobileCoin services used to generate auth tokens for Signal users
|
paymentsService.userAuthenticationTokenSharedSecret: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= # base64-encoded 32-byte secret shared with MobileCoin services used to generate auth tokens for Signal users
|
||||||
paymentsService.fixerApiKey: unset
|
paymentsService.fixerApiKey: unset
|
||||||
paymentsService.coinMarketCapApiKey: unset
|
paymentsService.coinMarketCapApiKey: unset
|
||||||
|
|
|
@ -301,7 +301,6 @@ appConfig:
|
||||||
configuration: example
|
configuration: example
|
||||||
|
|
||||||
remoteConfig:
|
remoteConfig:
|
||||||
authorizedTokens: secret://remoteConfig.authorizedTokens
|
|
||||||
authorizedUsers:
|
authorizedUsers:
|
||||||
- # 1st authorized user
|
- # 1st authorized user
|
||||||
- # 2nd authorized user
|
- # 2nd authorized user
|
||||||
|
|
|
@ -745,7 +745,6 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
|
||||||
new RegistrationController(accountsManager, phoneVerificationTokenManager, registrationLockVerificationManager,
|
new RegistrationController(accountsManager, phoneVerificationTokenManager, registrationLockVerificationManager,
|
||||||
keys, rateLimiters),
|
keys, rateLimiters),
|
||||||
new RemoteConfigController(remoteConfigsManager, adminEventLogger,
|
new RemoteConfigController(remoteConfigsManager, adminEventLogger,
|
||||||
config.getRemoteConfigConfiguration().authorizedTokens().value(),
|
|
||||||
config.getRemoteConfigConfiguration().authorizedUsers(),
|
config.getRemoteConfigConfiguration().authorizedUsers(),
|
||||||
config.getRemoteConfigConfiguration().requiredHostedDomain(),
|
config.getRemoteConfigConfiguration().requiredHostedDomain(),
|
||||||
config.getRemoteConfigConfiguration().audiences(),
|
config.getRemoteConfigConfiguration().audiences(),
|
||||||
|
|
|
@ -10,10 +10,8 @@ import java.util.Map;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
import javax.validation.constraints.NotEmpty;
|
import javax.validation.constraints.NotEmpty;
|
||||||
import javax.validation.constraints.NotNull;
|
import javax.validation.constraints.NotNull;
|
||||||
import org.whispersystems.textsecuregcm.configuration.secrets.SecretStringList;
|
|
||||||
|
|
||||||
public record RemoteConfigConfiguration(@NotNull SecretStringList authorizedTokens,
|
public record RemoteConfigConfiguration(@NotNull Set<String> authorizedUsers,
|
||||||
@NotNull Set<String> authorizedUsers,
|
|
||||||
@NotNull String requiredHostedDomain,
|
@NotNull String requiredHostedDomain,
|
||||||
@NotNull @NotEmpty List<String> audiences,
|
@NotNull @NotEmpty List<String> audiences,
|
||||||
@NotNull Map<String, String> globalConfig) {
|
@NotNull Map<String, String> globalConfig) {
|
||||||
|
|
|
@ -54,7 +54,6 @@ public class RemoteConfigController {
|
||||||
|
|
||||||
private final RemoteConfigsManager remoteConfigsManager;
|
private final RemoteConfigsManager remoteConfigsManager;
|
||||||
private final AdminEventLogger adminEventLogger;
|
private final AdminEventLogger adminEventLogger;
|
||||||
private final List<String> configAuthTokens;
|
|
||||||
private final Set<String> configAuthUsers;
|
private final Set<String> configAuthUsers;
|
||||||
private final Map<String, String> globalConfig;
|
private final Map<String, String> globalConfig;
|
||||||
|
|
||||||
|
@ -65,11 +64,10 @@ public class RemoteConfigController {
|
||||||
private static final String GLOBAL_CONFIG_PREFIX = "global.";
|
private static final String GLOBAL_CONFIG_PREFIX = "global.";
|
||||||
|
|
||||||
public RemoteConfigController(RemoteConfigsManager remoteConfigsManager, AdminEventLogger adminEventLogger,
|
public RemoteConfigController(RemoteConfigsManager remoteConfigsManager, AdminEventLogger adminEventLogger,
|
||||||
List<String> configAuthTokens, Set<String> configAuthUsers, String requiredHostedDomain, List<String> audience,
|
Set<String> configAuthUsers, String requiredHostedDomain, List<String> audience,
|
||||||
final GoogleIdTokenVerifier.Builder googleIdTokenVerifierBuilder, Map<String, String> globalConfig) {
|
final GoogleIdTokenVerifier.Builder googleIdTokenVerifierBuilder, Map<String, String> globalConfig) {
|
||||||
this.remoteConfigsManager = remoteConfigsManager;
|
this.remoteConfigsManager = remoteConfigsManager;
|
||||||
this.adminEventLogger = Objects.requireNonNull(adminEventLogger);
|
this.adminEventLogger = Objects.requireNonNull(adminEventLogger);
|
||||||
this.configAuthTokens = configAuthTokens;
|
|
||||||
this.configAuthUsers = configAuthUsers;
|
this.configAuthUsers = configAuthUsers;
|
||||||
this.globalConfig = globalConfig;
|
this.globalConfig = globalConfig;
|
||||||
|
|
||||||
|
@ -141,8 +139,7 @@ public class RemoteConfigController {
|
||||||
|
|
||||||
private Optional<String> getAuthIdentity(String token) {
|
private Optional<String> getAuthIdentity(String token) {
|
||||||
return getAuthorizedGoogleIdentity(token)
|
return getAuthorizedGoogleIdentity(token)
|
||||||
.map(googleIdToken -> googleIdToken.getPayload().getEmail())
|
.map(googleIdToken -> googleIdToken.getPayload().getEmail());
|
||||||
.or(() -> Optional.ofNullable(isAuthorized(token) ? token : null));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private Optional<GoogleIdToken> getAuthorizedGoogleIdentity(String token) {
|
private Optional<GoogleIdToken> getAuthorizedGoogleIdentity(String token) {
|
||||||
|
@ -183,8 +180,4 @@ public class RemoteConfigController {
|
||||||
return bucket < configPercentage;
|
return bucket < configPercentage;
|
||||||
}
|
}
|
||||||
|
|
||||||
@SuppressWarnings("BooleanMethodIsAlwaysInverted")
|
|
||||||
private boolean isAuthorized(String configToken) {
|
|
||||||
return configToken != null && configAuthTokens.stream().anyMatch(authorized -> MessageDigest.isEqual(authorized.getBytes(), configToken.getBytes()));
|
|
||||||
}
|
|
||||||
}
|
}
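Review bot: The `isAuthorized` helper removed in the last hunk of this file was the only visible use of `MessageDigest`, and no import hunk is shown for the controller, so its import is probably left unused and should be dropped in the same commit. Separately, `getAuthIdentity` is now the single gate for the write endpoints and carries no comment; I would add `// Config-Token must be a Google ID token; an empty Optional means the caller is not authorized` above it. The body of `getAuthorizedGoogleIdentity` lies outside the hunk, so it is worth confirming there that the token's e-mail is checked against `configAuthUsers` and the hosted domain before `getAuthIdentity` returns it.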
|
||||||
|
|
|
@ -31,7 +31,6 @@ import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.Random;
|
import java.util.Random;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
import java.util.stream.Stream;
|
|
||||||
import javax.ws.rs.client.Entity;
|
import javax.ws.rs.client.Entity;
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
|
@ -40,9 +39,6 @@ import org.junit.jupiter.api.AfterEach;
|
||||||
import org.junit.jupiter.api.BeforeEach;
|
import org.junit.jupiter.api.BeforeEach;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
import org.junit.jupiter.api.extension.ExtendWith;
|
import org.junit.jupiter.api.extension.ExtendWith;
|
||||||
import org.junit.jupiter.params.ParameterizedTest;
|
|
||||||
import org.junit.jupiter.params.provider.Arguments;
|
|
||||||
import org.junit.jupiter.params.provider.MethodSource;
|
|
||||||
import org.mockito.ArgumentCaptor;
|
import org.mockito.ArgumentCaptor;
|
||||||
import org.signal.event.NoOpAdminEventLogger;
|
import org.signal.event.NoOpAdminEventLogger;
|
||||||
import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
|
import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
|
||||||
|
@ -59,7 +55,6 @@ import org.whispersystems.textsecuregcm.tests.util.AuthHelper;
|
||||||
class RemoteConfigControllerTest {
|
class RemoteConfigControllerTest {
|
||||||
|
|
||||||
private static final RemoteConfigsManager remoteConfigsManager = mock(RemoteConfigsManager.class);
|
private static final RemoteConfigsManager remoteConfigsManager = mock(RemoteConfigsManager.class);
|
||||||
private static final List<String> remoteConfigsAuth = List.of("foo", "bar");
|
|
||||||
|
|
||||||
private static final Set<String> remoteConfigsUsers = Set.of("user1@example.com", "user2@example.com");
|
private static final Set<String> remoteConfigsUsers = Set.of("user1@example.com", "user2@example.com");
|
||||||
|
|
||||||
|
@ -79,8 +74,8 @@ class RemoteConfigControllerTest {
|
||||||
ImmutableSet.of(AuthenticatedAccount.class, DisabledPermittedAuthenticatedAccount.class)))
|
ImmutableSet.of(AuthenticatedAccount.class, DisabledPermittedAuthenticatedAccount.class)))
|
||||||
.setTestContainerFactory(new GrizzlyWebTestContainerFactory())
|
.setTestContainerFactory(new GrizzlyWebTestContainerFactory())
|
||||||
.addProvider(new DeviceLimitExceededExceptionMapper())
|
.addProvider(new DeviceLimitExceededExceptionMapper())
|
||||||
.addResource(new RemoteConfigController(remoteConfigsManager, new NoOpAdminEventLogger(), remoteConfigsAuth,
|
.addResource(new RemoteConfigController(remoteConfigsManager, new NoOpAdminEventLogger(), remoteConfigsUsers,
|
||||||
remoteConfigsUsers, requiredHostedDomain, Collections.singletonList("aud.example.com"),
|
requiredHostedDomain, Collections.singletonList("aud.example.com"),
|
||||||
googleIdVerificationTokenBuilder, Map.of("maxGroupSize", "42")))
|
googleIdVerificationTokenBuilder, Map.of("maxGroupSize", "42")))
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
|
@ -228,13 +223,12 @@ class RemoteConfigControllerTest {
|
||||||
verifyNoMoreInteractions(remoteConfigsManager);
|
verifyNoMoreInteractions(remoteConfigsManager);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ParameterizedTest
|
@Test
|
||||||
@MethodSource("authorizedTokens")
|
void testSetConfig() {
|
||||||
void testSetConfig(final String configToken) {
|
|
||||||
Response response = resources.getJerseyTest()
|
Response response = resources.getJerseyTest()
|
||||||
.target("/v1/config")
|
.target("/v1/config")
|
||||||
.request()
|
.request()
|
||||||
.header("Config-Token", configToken)
|
.header("Config-Token", "user1.valid")
|
||||||
.put(Entity.entity(new RemoteConfig("android.stickers", 88, Set.of(), "FALSE", "TRUE", null),
|
.put(Entity.entity(new RemoteConfig("android.stickers", 88, Set.of(), "FALSE", "TRUE", null),
|
||||||
MediaType.APPLICATION_JSON_TYPE));
|
MediaType.APPLICATION_JSON_TYPE));
|
||||||
|
|
||||||
|
@ -249,13 +243,12 @@ class RemoteConfigControllerTest {
|
||||||
assertThat(captor.getValue().getUuids()).isEmpty();
|
assertThat(captor.getValue().getUuids()).isEmpty();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ParameterizedTest
|
@Test
|
||||||
@MethodSource("authorizedTokens")
|
void testSetConfigValued() {
|
||||||
void testSetConfigValued(final String configToken) {
|
|
||||||
Response response = resources.getJerseyTest()
|
Response response = resources.getJerseyTest()
|
||||||
.target("/v1/config")
|
.target("/v1/config")
|
||||||
.request()
|
.request()
|
||||||
.header("Config-Token", configToken)
|
.header("Config-Token", "user1.valid")
|
||||||
.put(Entity.entity(new RemoteConfig("value.sometimes", 50, Set.of(), "a", "b", null),
|
.put(Entity.entity(new RemoteConfig("value.sometimes", 50, Set.of(), "a", "b", null),
|
||||||
MediaType.APPLICATION_JSON_TYPE));
|
MediaType.APPLICATION_JSON_TYPE));
|
||||||
|
|
||||||
|
@ -270,9 +263,9 @@ class RemoteConfigControllerTest {
|
||||||
assertThat(captor.getValue().getUuids()).isEmpty();
|
assertThat(captor.getValue().getUuids()).isEmpty();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ParameterizedTest
|
@Test
|
||||||
@MethodSource("authorizedTokens")
|
void testSetConfigWithHashKey() {
|
||||||
void testSetConfigWithHashKey(final String configToken) {
|
final String configToken = "user1.valid";
|
||||||
Response response1 = resources.getJerseyTest()
|
Response response1 = resources.getJerseyTest()
|
||||||
.target("/v1/config")
|
.target("/v1/config")
|
||||||
.request()
|
.request()
|
||||||
|
@ -308,13 +301,12 @@ class RemoteConfigControllerTest {
|
||||||
assertThat(capture2.getHashKey()).isEqualTo("linked.config.0");
|
assertThat(capture2.getHashKey()).isEqualTo("linked.config.0");
|
||||||
}
|
}
|
||||||
|
|
||||||
@ParameterizedTest
|
@Test
|
||||||
@MethodSource("unauthorizedTokens")
|
void testSetConfigUnauthorized() {
|
||||||
void testSetConfigUnauthorized(final String configToken) {
|
|
||||||
Response response = resources.getJerseyTest()
|
Response response = resources.getJerseyTest()
|
||||||
.target("/v1/config")
|
.target("/v1/config")
|
||||||
.request()
|
.request()
|
||||||
.header("Config-Token", configToken)
|
.header("Config-Token", "user3.valid")
|
||||||
.put(Entity.entity(new RemoteConfig("android.stickers", 88, Set.of(), "FALSE", "TRUE", null),
|
.put(Entity.entity(new RemoteConfig("android.stickers", 88, Set.of(), "FALSE", "TRUE", null),
|
||||||
MediaType.APPLICATION_JSON_TYPE));
|
MediaType.APPLICATION_JSON_TYPE));
|
||||||
|
|
||||||
|
@ -336,13 +328,12 @@ class RemoteConfigControllerTest {
|
||||||
verifyNoMoreInteractions(remoteConfigsManager);
|
verifyNoMoreInteractions(remoteConfigsManager);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ParameterizedTest
|
@Test
|
||||||
@MethodSource("authorizedTokens")
|
void testSetConfigBadName() {
|
||||||
void testSetConfigBadName(final String configToken) {
|
|
||||||
Response response = resources.getJerseyTest()
|
Response response = resources.getJerseyTest()
|
||||||
.target("/v1/config")
|
.target("/v1/config")
|
||||||
.request()
|
.request()
|
||||||
.header("Config-Token", configToken)
|
.header("Config-Token", "user1.valid")
|
||||||
.put(Entity.entity(new RemoteConfig("android-stickers", 88, Set.of(), "FALSE", "TRUE", null),
|
.put(Entity.entity(new RemoteConfig("android-stickers", 88, Set.of(), "FALSE", "TRUE", null),
|
||||||
MediaType.APPLICATION_JSON_TYPE));
|
MediaType.APPLICATION_JSON_TYPE));
|
||||||
|
|
||||||
|
@ -351,13 +342,12 @@ class RemoteConfigControllerTest {
|
||||||
verifyNoMoreInteractions(remoteConfigsManager);
|
verifyNoMoreInteractions(remoteConfigsManager);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ParameterizedTest
|
@Test
|
||||||
@MethodSource("authorizedTokens")
|
void testSetConfigEmptyName() {
|
||||||
void testSetConfigEmptyName(final String configToken) {
|
|
||||||
Response response = resources.getJerseyTest()
|
Response response = resources.getJerseyTest()
|
||||||
.target("/v1/config")
|
.target("/v1/config")
|
||||||
.request()
|
.request()
|
||||||
.header("Config-Token", configToken)
|
.header("Config-Token", "user1.valid")
|
||||||
.put(Entity.entity(new RemoteConfig("", 88, Set.of(), "FALSE", "TRUE", null), MediaType.APPLICATION_JSON_TYPE));
|
.put(Entity.entity(new RemoteConfig("", 88, Set.of(), "FALSE", "TRUE", null), MediaType.APPLICATION_JSON_TYPE));
|
||||||
|
|
||||||
assertThat(response.getStatus()).isEqualTo(422);
|
assertThat(response.getStatus()).isEqualTo(422);
|
||||||
|
@ -365,26 +355,24 @@ class RemoteConfigControllerTest {
|
||||||
verifyNoMoreInteractions(remoteConfigsManager);
|
verifyNoMoreInteractions(remoteConfigsManager);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ParameterizedTest
|
@Test
|
||||||
@MethodSource("authorizedTokens")
|
void testSetGlobalConfig() {
|
||||||
void testSetGlobalConfig(final String configToken) {
|
|
||||||
Response response = resources.getJerseyTest()
|
Response response = resources.getJerseyTest()
|
||||||
.target("/v1/config")
|
.target("/v1/config")
|
||||||
.request()
|
.request()
|
||||||
.header("Config-Token", configToken)
|
.header("Config-Token", "user1.valid")
|
||||||
.put(Entity.entity(new RemoteConfig("global.maxGroupSize", 88, Set.of(), "FALSE", "TRUE", null),
|
.put(Entity.entity(new RemoteConfig("global.maxGroupSize", 88, Set.of(), "FALSE", "TRUE", null),
|
||||||
MediaType.APPLICATION_JSON_TYPE));
|
MediaType.APPLICATION_JSON_TYPE));
|
||||||
assertThat(response.getStatus()).isEqualTo(403);
|
assertThat(response.getStatus()).isEqualTo(403);
|
||||||
verifyNoMoreInteractions(remoteConfigsManager);
|
verifyNoMoreInteractions(remoteConfigsManager);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ParameterizedTest
|
@Test
|
||||||
@MethodSource("authorizedTokens")
|
void testDelete() {
|
||||||
void testDelete(final String configToken) {
|
|
||||||
Response response = resources.getJerseyTest()
|
Response response = resources.getJerseyTest()
|
||||||
.target("/v1/config/android.stickers")
|
.target("/v1/config/android.stickers")
|
||||||
.request()
|
.request()
|
||||||
.header("Config-Token", configToken)
|
.header("Config-Token", "user1.valid")
|
||||||
.delete();
|
.delete();
|
||||||
|
|
||||||
assertThat(response.getStatus()).isEqualTo(204);
|
assertThat(response.getStatus()).isEqualTo(204);
|
||||||
|
@ -406,13 +394,12 @@ class RemoteConfigControllerTest {
|
||||||
verifyNoMoreInteractions(remoteConfigsManager);
|
verifyNoMoreInteractions(remoteConfigsManager);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ParameterizedTest
|
@Test
|
||||||
@MethodSource("authorizedTokens")
|
void testDeleteGlobalConfig() {
|
||||||
void testDeleteGlobalConfig(final String configToken) {
|
|
||||||
Response response = resources.getJerseyTest()
|
Response response = resources.getJerseyTest()
|
||||||
.target("/v1/config/global.maxGroupSize")
|
.target("/v1/config/global.maxGroupSize")
|
||||||
.request()
|
.request()
|
||||||
.header("Config-Token", configToken)
|
.header("Config-Token", "user1.valid")
|
||||||
.delete();
|
.delete();
|
||||||
assertThat(response.getStatus()).isEqualTo(403);
|
assertThat(response.getStatus()).isEqualTo(403);
|
||||||
verifyNoMoreInteractions(remoteConfigsManager);
|
verifyNoMoreInteractions(remoteConfigsManager);
|
||||||
|
@ -447,17 +434,4 @@ class RemoteConfigControllerTest {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static Stream<Arguments> authorizedTokens() {
|
|
||||||
return Stream.of(
|
|
||||||
Arguments.of("foo"),
|
|
||||||
Arguments.of("user1.valid")
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
static Stream<Arguments> unauthorizedTokens() {
|
|
||||||
return Stream.of(
|
|
||||||
Arguments.of("baz"),
|
|
||||||
Arguments.of("user3.valid")
|
|
||||||
);
|
|
||||||
}
|
|
||||||
}
|
}
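Review bot: With the `unauthorizedTokens` provider deleted, `testSetConfigUnauthorized` only sends `"user3.valid"`, so nothing in the suite pins the behaviour this commit is about: a former static token such as `"foo"` must now be rejected. The old `"baz"` case also covered a header value that is not a Google ID token at all, and that coverage is gone. I would add one test that sends `.header("Config-Token", "foo")` on PUT and on DELETE, asserts the same status `testSetConfigUnauthorized` expects (its assertions are outside the hunk), and ends with `verifyNoMoreInteractions(remoteConfigsManager);`. That test would also fail if a static-token path were reintroduced later.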
|
||||||
|
|